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Disposition of Claims 

4) ^ Claim(s) 1-9 and 17 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |EI Claim(s) 1-9, 17 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) D Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20080627 



Application/Control Number: 10/677,730 Page 2 

Art Unit: 2132 

DETAILED ACTION 

1 . This office action is in response to applicants' amendment filed on . 

2. Claims 1-9 are 17 pending. 

3. Claims 10-16 and 18 are cancelled. 

4. Claims 1 and 17 are amended. 

5. Applicant's arguments with respect to the rejections of claims under 35 USC § 
102(e) have been fully considered but they are not persuasive. 

Response to Arguments 
1 . Applicants on page 4 of the remarks argue that "Carter appears to contemplate such 
actions being taken and orchestrated at the network level, e.g., switches associated with 
NSSS 18 of Carter's Figure 1, such as by closing switch ports, not at the protected hosts 
themselves, i.e., protected servers 114. As such, the "countermeasures" described by Carter 
are not "host-based" security measures, as recited in claims 1 and 17." 
And "deploying a countermeasure in response to a specific, detected threat or attack, as 
taught by Carter, is not the same as selectively and/or differentially deploying a host- 
based security measure on a per- service basis, based on the respective risk profiles of 
the various host services, as recited in claims 1 and 17." 

Examiner respectfully disagrees and asserts that Carter discloses: 
The Network Surveillance and Security System monitors all communication traffic 
within at least one section of a network where any type of communication protocol is 
functioning within a communication domain (where one section of a network 
corresponds to recited a host) (see [0174]); 
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"On the Internet, the term "host" means any computer that has full two-way 
access to other computers on the Internet... In this context, a "host" is a node in a 
network (see [0177]); 

In a surveillance mode, the Network Surveillance and Security System samples 
and analyzes data packets destined for host computers (see [0178]); 

A fourth novel combination of Al and other functions for protecting network 
security includes (see [0262]): 

Network and host based security protection (see [0265]); 

A general procedures 812 encompasses a single-component of the Network 
Surveillance and Security System operations (where a single-component of the Network 
corresponds to recited a host) (see [0473]); and 

A sub-group of these policies are Interface policies. These policies govern any 
type of access to a server in the Protected Constellation (see [0612]). The Interface 
Policies are: 

Host to Host System interface Policies (see [0613]). 

Therefore, Carter teaches that the "countermeasures" in its surveillance system 
is also implemented for a host, which means that Carter security method is also host- 
based. 

2. Examiner, however, in light of the above submission maintains the previous 
rejections while considering the amendments to the claims 1 and 17 as follows: 
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Claim Rejections - 35 USC § 102 

Claims 1-9 and 17 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Carter et al (2003/0051 026 A1 , hereinafter Carter). 

Regarding claims 1 and 17, Carter disclose: 

A method for securing a host service (see paragraph 0168) comprising: 
evaluating a risk to the host service based on communication with a remote 
system (see paragraphs 0168, 0178 and 0180); 

creating a risk profile for the host service (see paragraphs 0172, 0195, 0218, 
0261 and 0273, where information about the past unauthorized attempts, events and 
security state correspond to the recited risk profile); and 

deploying a security measure to protect the host service based on the risk profile 
(see paragraphs 0182, 0221, 0228 and 0306); 

wherein the host service is one of a plurality of host services, each of which has a 
corresponding risk profile, and the host-based security measure is deployed with respect 
to each host service in a manner determined at least in part by the corresponding risk 
profile of that host service (see, for example, paragraphs 0174, 0177, 0178, 0265 and 
0473). 

Regarding claim 2, Carter disclose: 

A method for securing a host service as recited in claim 1 wherein creating a risk 
profile includes assigning a priority to the risk profile (see paragraphs 0234 and 0592). 
Regarding claim 3, Carter disclose: 
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A method for securing a host service as recited in claim 1 wherein evaluating a 
risk to the host service further includes determining if the host service calls an interface 
(see paragraphs 059-0162, 0190 and 0367). 
Regarding claim 4, Carter disclose: 

A method as recited in claim 1 wherein profiling a risk on the host further 
includes determining if an external application requests access to the host (see 
paragraphs 0195 and 0652). 

Regarding claim 5, Carter disclose: 

A method as recited in claim 1 wherein profiling a risk on the host further 
includes requesting data from the host (see paragraphs 0218). 
Regarding claim 6, Carter disclose: 

A method as recited in claim 1 wherein evaluating a risk to the host service 
further includes determining if the application is directly exchanging data with an 
external application (see paragraphs 0199, 0263 and 0652). 
Regarding claim 7, Carter disclose: 

A method as recited in claim 1 wherein creating the risk profile further includes 
determining if the application is indirectly exchanging data with the remote system (see 
paragraphs 0160, 0373 and 0652). 
Regarding claim 8, Carter disclose: 

A method as recited in claim 1 wherein creating the risk profile includes 
evaluating a file (see paragraphs 0190, and 0299). 

Regarding claim 9, Carter disclose: 
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A method as recited in claim 1 wherein creating the risk profile includes 
evaluating a programming interface (see paragraphs 0310 and 0374-0375). 
Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ABDULHAKIM NOBAHAR whose telephone number is 
(571)272-3808. The examiner can normally be reached on M-T 8-6. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. 

/Abdulhakim Nobahar/ 
Examiner, Art Unit 2132 

June 27, 2008 
/Gilberto Barron Jr/ 

Supervisory Patent Examiner, Art Unit 2132 



